No patch yet for Adobe PDF exploits - Adobe suggests a workaround; Mac and Linux users need not apply
Adobe issues advice on how to mitigate the latest exploits against its PDF Reader software.
For Windows users, anyway. Mac and Linux fans are still out in the cold.
Adobe's security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.
Always be wary of opening unsolicited PDF files!
Learn more about what our experts have seen, and ensure that you have protection in place.
Oracle brought forward its February Patch Tuesday to provide an accelerated fix for some in-the-wild exploits.
But that meant leaving other less vital stuff out, so the pre-empted Patch Tuesday will happen after all, on 19 Feb 2013. Be there!
VMWare just announced a patch for a security hole in its virtual machine software.
It sounds as though guests might be able to tweak their hosts without authorisation, or vice versa, so you probably want to patch now and ask your questions later.
You may not have heard of cURL, but you've probably used software that uses it.
Recent versions contain a buffer overflow bug that could lead to remote code execution on your computer.
Paul Ducklin investigates, explains and advises...
It's not Tuesday...
Nevertheless, Adobe's Flash Player has been upgraded to patch against two in-the-wild exploits against Windows and Apple users.
"Yet another Java update! Get it while it's hot."
This update was planned for 19 Feb 2013.
But Oracle brought it forward, citing the "active exploitation 'in the wild' of one of the vulnerabilities affecting...desktop browsers".
It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible.
But... what if you didn't get your copy of Opera from the official website?
What if, instead, you acquired your version of Opera for Mac from Apple's Mac App Store?
What if your security camera were an insecurity camera?
Paul Ducklin investigates and offers some advice...
Ten years ago to the day, we published an FAQ about a computer worm called Slammer.
It was aptly named. If you were in IT back in 2003, I'm sure you remember it well...
There's something to be said for not going with the crowd, when it comes to securing your computer.
But you best have your fingers crossed that your alternative providers' websites don't fall over when you need a security update.
Here you go.
All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.
The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.
Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.
This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.